Cyber Insider Threat
Abstract
The Cyber Insider Threat program is developing technologies for identifying advanced cyber threat missions that may be currently ongoing within DoD and government interest systems and networks. The program focuses on identifying ongoing adversary missions rather than a person, program, or particular piece of malware. Current cyber defenses are primarily based on network and host intrusion detection and look for "break-ins" and abnormal behavior without context. The CINDER program is building tools and techniques that apply mission templates of advanced cyber espionage onto seemingly normal internal system and network activity. Through this, CINDER will uncover ongoing advanced persistent cyber threats and espionage that exist within our own cyber environments. This work is continuing in PE 0603760E, Project CCC-04 beginning in FY 2012.
Document Details
- Document Type
- Accomplishment
- Publication Date
- Oct 01, 2013
- Source ID
- d8772f95e125e254ade1a557cf9a8f66